# So you want to secure your communications?

As communists we are at a bigger risk of being monitored, spied on and infiltrated
no matter where we live. Be it the US, Poland or [India](https://tutanota.com/blog/posts/apps-banned-india), national and international
bourgeoisie have an interest in keeping tabs on communists, their actions, plans,
members and more. Thus secure communications are extremely important to maintain
and enforce with anyone you plan to do anything more serious than just shitposting.

This is a short guide to introduce you into these subjects, make sure to visit
the [Privacy community on lemmy.ml](https://lemmygrad.ml/c/privacy@lemmy.ml),
you can also check out [MentalOutlaw](https://yt.artemislena.eu/channel/UC7YOGHUfC1Tb6E4pudI9STA).
He has good guides, howeveeeeer he is a libertarian type, so you're bound to find
brain worms.

Also please be sure to look out for corporations and businesses marketing pro privacy
products, privacy conciousness has recently blown up as a very big market and so, much money
is to be made. Many of these actors, do not and will not act in your best interest.

## What should I avoid?

Most important is to avoid any corporate messaging platforms, do not use Discord,
Google Talk, Microsoft Teams, Messenger, Whatsapp, unencrypted email and the like.
Social media platforms also fall into this category, forget about Twitter DMs and
tweets, Reddit, Tumblr, Facebook and more. All of these fall out of the question
as they *are* American capital and answer to Washington.

Other forms of communication may also pose a liability if they are not secured,
do not use IRC, Lemmy DMs, SMS and phone calls. These do not in any way encrypt
your communications and even store them on servers outside of your control, avoid
that as much as you can.

*"Oh Lemmygrad is safe, nothing's going to happen to us here!"*, you may say.

[**I wouldn't be so sure of that.**](https://www.neowin.net/news/admin-of-an-anarchist-mastodon-server-raided-by-fbi-insecure-user-data-gets-seized/)

## So what am I even supposed to use?

We've got a lot to choose from, and many of the choices listed can themselves
be considered either backup plans or used in tandem to minimize risks.

### ~~Signal~~

Signal has been removed by contribution from the Lemmygrad community.
Now why you may wonder? Simply, it's been proven to me to not be safe to use.
Do not use it, and if you do: please find and alternative immediately.

Below is the resource I have have been linked to by comrades.
Thank you to @Kovpak, @Pili, @ColonelRevolution,

[*Why not Signal?* by Dessalines; co-creator of lemmy](https://dessalines.github.io/essays/why_not_signal.html#why-not-signal)

All recommendations given by Dessalines are also *for the moment* endorsed by this guide,
and they will be looked at through a short summary. Later on they will get their
own comprehensive sections.

### SimpleX

**TODO: VERY MUCH IMPROVE THIS SECTION**

Apart from what Dessalines mentioned [SimpleX](https://simplex.chat/) has some very interesting advantages
compared to Signal. First of all, the documentation is **fucking dense**. There's a lot.
I don't even have time to read through it to make this amendment, so I skimmed it.
And you know what, the thing is **advanced**. You can really do a lot here.

The website itself also is a treasure trove of information, all of it densely
packed and easily accessible. Normally I'd have to search for it, but here I even
learn a few things. Like whatever the fuck a [Sybil attack](https://en.wikipedia.org/wiki/Sybil_attack)
even is.

What I've learned is that I need to learn more, and that I can recommend SimpleX.
For the moment I'll stick to Tox and get to studying these other alternatives I've
found.

### Matrix

**TODO: ADD SECTION**

### Jitsi

**TODO: ADD SECTION**

### Jami

**TODO: ADD SECTION**

### Briar

**TODO: ADD SECTION**

### XMPP

**TODO: ADD SECTION**

### PGP and E-Mail

We also have communications which have existed for a *very* long time
and which can be very well secured. Namely E-Mail, before we get into the whole
securing thingy be sure you are not using any corporate providers and aren't 
allowing them store and collect your encrypted data.

I suggest using a provider like [disroot](https://disroot.org), and additionally
I suggest using multiple accounts as to for example not to mix your real world
identity with your secret identities.

I also do suggest *not* using Tutanota, as their serivces do not allow for having
IMAP or POP3 connections thus locking you into their *own* web client and
*encryption* system, which only works between other Tutanota users, making PGP
encryption very manual and tedious.

After creating an account setup a mail client, and also you're going to need to generate
a [PGP](https://gnupg.org/) key pair. Make sure you never upload it to *any* E-Mail provider, that
includes disroot. Keep it only locally and use it through the mail client you have installed.
For Linux, there are many you can choose from so use whatever you like. Evolution,
ClawsMail, Thunderbird, all will do.
For Android it's best to use FairMail, a great FOSS client available on F-Droid.
Returning to the PGP key pair, it will contain one public key you give others access to. It is used
to encrypt data meant only for you, and one private key you should *never ever
send to anyone* as it will be used to decrypt data meant for you.
Many E-Mail clients available for *NIX operating systems can easily incorporate
PGP keys into their operation, not requiring you to encrypt and decrypt anything
manually.

[Here's an introduction on GPG that will help you generate and manage a key pair.](https://www.devdungeon.com/content/gpg-tutorial)

### Tox

Nex, we have the [Tox protocol](https://tox.chat). It was created
to allow for encrypted and safe communications without the need of a centralized
authority managing all of these. Tox itself and it's clients are considered alpha software! So even if the communications
are secure, it's very much not finished yet. This of course brings some additional quirks.
For example, if you accept someone's friend request they will be able to see your
IP address. This is bad! So please, visit the [Tox wiki for a guide on how to remedy this very important issue.](https://wiki.tox.chat/users/tox_over_tor_tot)

Tox also has to be open and running on both ends for messages to reach the recipients.
For example, let's say I send a message. Until my friend logs into his Tox account
the message won't reach him, and if I decide to turn off my Tox connection before
this message is recieved, sending will stop until I turn on Tox again.
That's why a mobile client like aTox can be very handy, as you'll probably have
your Tox client running 24/7.

## Is there anything else I should know?

Well, the list I've provided isn't in any way including all of the options
for secure communications, however it is a good base.
You can explore to find other ways, or ask around in other communities, like the
previously mentioned [Privacy community on lemmy.ml](https://lemmygrad.ml/c/privacy@lemmy.ml)
or even the [Linux community on lemmy.ml](https://lemmygrad.ml/c/linux@lemmy.ml).

*This guide is written for the c/leftistunix community on [lemmygrad.ml](https://lemmygrad.ml).*

*© 2023 This guide is licensed under the* [*Creative Commons BY-NC-SA 4.0 License*](https://creativecommons.org/licenses/by-nc/4.0/legalcode)

![](https://notabug.org/polskilumalo/lemmygrad_leftistunix/raw/master/images/by-nc-sa.png)